Page 1 of 1
Uploading files - really this easy?
Posted: Fri Apr 18, 2003 5:57 am
by Toneboy
I always thought uploading files was going to be a pretty difficult thing to learn, but I just saw this script over at
evilwalrus.com.
I can't believe uploading files could be so easy. But then again, the script is three years old. Here it is, adapted a bit.
Part 1:
Code: Select all
<form action="upload.php" method="post" ENCTYPE="multipart/form- data">
<input type="file" size=40 name="file"><br>
<input type="hidden" name="MAX_FILE_SIZE" value="100000">
<input type="submit" value="upload">
</form>
And, naturally enough, the proposed upload.php:
Code: Select all
<?
if ($file == "none") {
print "You must specify a file to upload";
}
else {
copy($file, "$DOCUMENT_ROOT/uploads/newfolder/$file_name");
unlink($file);
}
?>
Also I recognise that you would need to set the CHMOD settings on that directory correctly.
Is it really that simple, or should you be doing something else as well?
Posted: Fri Apr 18, 2003 6:05 am
by volka
basically it is that simple. In recent versions of php (see also:
http://forums.devnetwork.net/viewtopic.php?t=511) the location where the file infos are stored changed.
Code: Select all
<form action="upload.php" method="post" ENCTYPE="multipart/form-data">
<input type="file" size=40 name="file"><br>
<input type="hidden" name="MAX_FILE_SIZE" value="100000">
<input type="submit" value="upload">
</form>
Code: Select all
<?php
...
// is there just anything that might be considered an uploaded file?
if (isset($_FILES['file']) && $_FILES['file']['name']!='')
{
// any content?
if ($_FILES['file']['size'] > 0)
{
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploaddir . $_FILES['file']['name']))
echo 'done.';
else
echo 'internal error, file could not be stored';
}
else
echo 'file has no content, aborted';
}
else
echo 'no file has been uploaded';
...
?>
(script tested not even by compiler

)
Posted: Fri Apr 18, 2003 6:11 am
by Toneboy
Excellent stuff, thanks.
Are you specifying your $uploaddir in your php.ini file, or doing that elsewhere? I'm a virtual server user, so unfortunately I would not be able to change any of the php.ini settings.
Posted: Fri Apr 18, 2003 6:17 am
by volka
it's from
http://www.php.net/manual/en/features.file-upload.php 
you can specify $uploaddir wherever you want (in that script or an included script or ...), that's why there are ... before and after the code snippet.
p.s.: I added
&& $_FILES['file']['name']!='' seconds before you posted. Always forget it

If the form is submitted without a file selected there is an element 'file' in $_FILES but without values for 'name', 'tmp_name' and so on.
Posted: Wed May 14, 2003 5:44 am
by Toneboy
Any recommendations for the best CHMOD setting for an upload directory - 0777?
All working fine and dandy, just fine-tuning now. I'm also adding a mail() line so I'm notified of whenever a friend uploads a file for me to look at.
Posted: Mon May 19, 2003 4:30 am
by PaulCreedy
I'm very new to PHP and was looking at a way of uploading a file.
Thanks for the example.
Do you know if there is a way of checking the file end so that I can allow/deny different file types.
ie only allow JPEG, deny any .exe files etc.
Thanks in advance
Posted: Mon May 19, 2003 9:57 am
by Tubbietoeter
Use preg_match to check the file-name extensions. thats not very save though since extensions can be changed.